Apache Log4j Shell POC exploits

Preparation

Before starting, ensure your Kali Linux is fully up to date.

curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/docker-archive-keyring.gpg >/dev/null
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian buster stable' | sudo tee /etc/apt/sources.list.d/docker.list
sudo apt-get update

Install Docker

If you had older versions of Docker installed, uninstall them:

sudo apt-get remove -y docker docker-engine docker.io
sudo apt-get install -y docker-ce
sudo docker run hello-world
sudo usermod -aG docker $USER

Requirements:

pip install -r requirements.txt
❯ tar -xf jdk-8u20-linux-x64.tar.gz❯ ./jdk1.8.0_20/bin/java -version
java version "1.8.0_20"
Java(TM) SE Runtime Environment (build 1.8.0_20-b26)
Java HotSpot(TM) 64-Bit Server VM (build 25.20-b23, mixed mode)

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Chenny Ren

Chenny Ren

829 Followers

OSCP | OSWP | CRTP |CRTE |Red Team Professional | SOC engineer